<?php
/*
	[Destoon B2B System] Copyright (c) 2008-2011 Destoon.COM
	This is NOT a freeware, use is subject to license.txt
*/
require 'common.inc.php';

//echo $_username;
if($submit)
{

		if(! $_username)
		{
			 echo "<script>alert('请登录后上传。');history.go(-1);</script>";
			 exit;	
		}
		$file = $_FILES['file'];
		//print_r($file);
		/*name=>原始文件名,type=>文件类型,tmp_name=>临时文件地址,error=>错误0表示成功,size=>尺寸 单位k  1024k=1kb ,*/
		extract($file);
		$hz = pathinfo($name);
		$hzm =  strtolower($hz['extension']);//文件后缀名 不带.
		//echo $hzm;exit;
		if(!in_array($hzm,array('doc','rar','7z','excel','xls','zip')))
		{
			 echo "<script>alert('请上传正确的文件类型。');history.go(-1);</script>";
			 exit;	
		}
		if($size>2048*1024)
		{
			 echo "<script>alert('文件大小为2048kb。');history.go(-1);</script>";
			 exit;
		}
		if(!is_dir('upload'))
		{
			mkdir('upload');
		}
		$newpath = 'upload/'.date('Ymdhis',time()).time().'.'.$hzm;
		if(move_uploaded_file($tmp_name,$newpath))
		{
			$db->query("INSERT INTO `dt_zxrz` (`ip`,`thumb`, `status`, `time`, `username`,`price`,`company`,`name`,`address`,`tel`) VALUES ('".$DT_IP."','".DT_PATH.$newpath."', '0', '".time()."', '".$_username."', '".$_POST['price']."', '".$_POST['company']."', '".$_POST['name']."', '".$_POST['address']."', '".$_POST['tel']."');");
			echo "<script>alert('上传成功，等待审核！');window.location.href='/rongzi/47.html';</script>";
			
		}
}
else
{
 	
			 echo "<script>alert('请上传文件。');history.go(-1);</script>";
			 exit;	
		
}?>